First Experimental OPNSense Images With HardenedBSD

One month ago, we announced we were teaming up with OPNSense to provide HardenedBSD-flavored versions of their project. The builds are ready and have been published! Read on for the full announcement and download links.

secadm 0.2.3 Released

secadm 0.2.3 is here! This release contains a number of bug fixes and enhancements. Most notably we've backported Integriforce to HardenedBSD 10-STABLE. Read on below for the changelog and download links.

Poll: linuxulator Removal

Body:

The linuxulator (the Linux emulation/translation layer in FreeBSD) has recently undergone a major overhaul. Many of FreeBSD's userbase relies on the linuxulator to provide things like the Adobe Flash Player browser plugin, linux browsers, and certain linux-centric tasks. The linuxulator provides a set of security challenges. It is yet another attack vector. The core HardenedBSD team would like to completely remove the linuxulator from HardenedBSD's codebase.

What would be removed:

linuxulator and its dependents
linprocfs (pending investigation, this might not be removed)
packages that require the linuxulator

Should the linuxulator be removed?

Yes

66% (133 votes)

No

34% (70 votes)

Total votes: 203

secadm 0.2.1 Released

We've released a new version of secadm, aiming to fix a number of bugs. Continue reading for the ChangeLog and the download links.

HardenedBSD Teams Up With OPNSense

We are excited to formally announce teaming up with OPNSense to provide HardenedBSD-backed builds of OPNSense. Read on for more information.

HardenedBSD Backport to 10-STABLE

We mostly finished the backport of our 11-CURRENT patches to 10-STABLE this week. This means that those who have a preference not to use 11-CURRENT (and we don't blame them) can now have the comfort of having exploit mitigation features in a more stable branch. The backport is currently in an experimental branch (hardened/experimental/10-stable) but will be promoted to a stable branch (hardened/10-stable/master) in around a month if we deem it to be stable. We will soon be providing amd64 packages as well.

Introducing secadm 0.2

We're excited to announce the release of secadm version 0.2! We've been working hard on a new star feature: Integriforce. Read on for the full change log and download links.

Introducing NoExec

Over the past few months, Oliver has been busy writing a new exploit mitigation feature for HardenedBSD: NoExec. The first part of this project was merged into master tree, and there are still ongoing issues to solve. Our implementation is inspired by PaX's. NoExec prevents pages that are marked as writable from being marked executable as well.

Call For Testing: secadm Integriforce

Our security administration project, secadm, has gained a new feature, which we call Integriforce (short for "Integrity Enforce"). Integriforce verifies file integrity prior to execution, similar to NetBSD's Veriexec. This post is a Call For Testing of that feature.

FreeBSD Random Number Generator Vulnerability

John-Mark Gurney of the FreeBSD development team announced a vulnerability affecting the FreeBSD Random Number Generator (RNG) code in 11-CURRENT. Since HardenedBSD is based on 11-CURRENT, HardenedBSD is affected. Read on for further details and remediation steps.

HardenedBSD

First Experimental OPNSense Images With HardenedBSD

secadm 0.2.3 Released

Poll: linuxulator Removal

Body:

secadm 0.2.1 Released

HardenedBSD Teams Up With OPNSense

HardenedBSD Backport to 10-STABLE

Introducing secadm 0.2

Introducing NoExec

Call For Testing: secadm Integriforce

FreeBSD Random Number Generator Vulnerability

Pages

Donate to HardenedBSD

2021 Donation Status

Links

Body:

Pages

Donate to HardenedBSD

2021 Donation Status

Search form

Links